opencart opencart vulnerabilities and exploits
3.5
CVSSv3
CVE-2020-28838
Cross Site Request Forgery (CSRF) in CART option in OpenCart Ltd. Opencart CMS 3.0.3.6 allows malicious user to add cart items via Add to cart.
Opencart Opencart 3.0.3.6
7.5
CVSSv3
CVE-2020-15478
The Journal theme prior to 3.1.0 for OpenCart allows exposure of sensitive data via SQL errors.
Journal-theme Journal
4.8
CVSSv3
CVE-2020-13980
OpenCart 3.0.3.3 allows remote authenticated users to conduct XSS attacks via a crafted filename in the users' image upload section because of a lack of entity encoding. NOTE: this issue exists because of an incomplete fix for CVE-2020-10596. The vendor states "this is ...
Opencart Opencart 3.0.3.3
NA
CVE-2020-105961
OpenCart version 3.0.3.2 suffers from a persistent cross site scripting vulnerability.
5.4
CVSSv3
CVE-2020-10596
OpenCart 3.0.3.2 allows remote authenticated users to conduct XSS attacks via a crafted filename in the users' image upload section.
Opencart Opencart 3.0.3.2
2 Github repositories
4.8
CVSSv3
CVE-2019-15081
OpenCart 3.x, when the attacker has login access to the admin panel, allows stored XSS within the Source/HTML editing feature of the Categories, Product, and Information pages.
Opencart Opencart
1 EDB exploit
1 Github repository
6.1
CVSSv3
CVE-2018-1000640
OpenCart-Overclocked version <=1.11.1 contains a Cross Site Scripting (XSS) vulnerability in User input entered unsanitised within JS function in the template that can result in Unauthorised actions and access to data, stealing session information, denial of service. This atta...
Villagedefrance Opencart-overclocked
8.8
CVSSv3
CVE-2018-13067
/upload/catalog/controller/account/password.php in OpenCart up to and including 3.0.2.0 has CSRF via the index.php?route=account/password URI to change a user's password.
Opencart Opencart
4.9
CVSSv3
CVE-2018-11495
OpenCart up to and including 3.0.2.0 allows directory traversal in the editDownload function in admin\model\catalog\download.php via admin/index.php?route=catalog/download/edit, related to the download_id. For example, an attacker can download ../../config.php.
Opencart Opencart
8
CVSSv3
CVE-2018-11494
The "program extension upload" feature in OpenCart up to and including 3.0.2.0 has a six-step process (upload, install, unzip, move, xml, remove) that allows malicious users to execute arbitrary code if the remove step is skipped, because the attacker can discover a sec...
Opencart Opencart